By Shane Harris
National Journal Magazine
Dec. 20, 2008

On October 26, 2006, computer security personnel from across the
legislative branch were informed that the Congressional Budget Office
had been hit with a computer virus. The news might not have seemed
extraordinary. Hackers had been trying for years to break into
government computers in Congress and the executive branch, and some had
succeeded, making off with loads of sensitive information ranging from
codes for military aircraft schedules to design specifications for the

Employees in the House of Representatives' Information Systems Security
Office, which monitors the computers of all members, staffers, and
committee offices, had learned to keep their guard up. Every year of
late, they have fended off more than a million hacking attempts against
the House and removed any computer viruses that made it through their
safeguards. House computers relay sensitive information about members
and constituents, and committee office machines are especially loaded
with files pertaining to foreign policy, national security, and
intelligence. The security office took the information from the CBO
attack and scanned the House network to determine whether any machines
had been compromised in a similar fashion.

They found one. A computer in one member's office matched the profile of
the CBO incident. The virus seemed to be contacting Internet addresses
outside the House, probably other infected computers or servers, to
download malicious files into the House system. According to a
confidential briefing on the investigation prepared by the security
office and obtained by National Journal, security employees contacted
the member's office and directed staffers to disconnect the computer
from the network. The briefing does not identify the member of Congress.

Apparently worried that the virus could have already infected other
machines, security personnel met with aides from the member's office and
examined the computer. They confirmed that a virus had been placed on
the machine. The member's office then called the FBI, which employs a
team of cyber-forensic specialists to investigate hackings. The House
security office made a copy of the hard drive and gave it to the bureau.

Upon further analysis, the security office found more details about the
nature and possible intent of the hack. The machine was infected with a
file that sought out computers outside the House system to retrieve
"malware," malicious or destructive programs designed to spy on the
infected computer's user or to clandestinely remove files from the
machine. This virus was designed to download programs that tracked what
the computer user typed in e-mail and instant messages, and to remove
documents from both the hard drive and a network drive shared by other
House computers. As an example of the virus's damage, the security
office briefing cited one House machine on which "multiple compressed
files on multiple days were created and exported." An unknown source was
stealing information from the computer, and the user never knew it.

Armed with this information about how the virus worked, the security
officers scanned the House network again. This time, they found more
machines that seemed to match the profile -- they, too, were infected.
Investigators found at least one infected computer in a member's
district office, indicating that the virus had traveled through the
House network and may have breached machines far away from Washington.